Swisscom Trust Services - Trust Blog

5 ways eIDAS 2.0 will impact your business | Trust Blog

Written by Ingolf Rauh | 4/25/24 8:28 AM

Strong identification is critical to establishing trust in the digital world. With an amendment to the eIDAS regulation, the EU has now introduced digital identity wallets for all citizens. Customers equipped with an easy-to-use eID solution represent significant opportunities for growth in the digital services sector—even for strictly regulated transactions. However, implementing an online ID framework on the business side is complex.

 

On November 8, 2023, the Commission, the European Parliament, and the Council of the European Union reached a consensus in a trilogue discussion regarding revising the eIDAS regulation. Officially named eIDAS 2.0 or the European Digital Identity Framework, this regulation aims to address the limitations of the original eIDAS regulation while further cultivating the European trust space, all without undermining the sovereignty of the member states.

eIDAS 2.0 will be released on April 30, 2024, and the regulation will become effective 20 days later.

We highlight five key ways the new regulation will impact businesses in the digital services sector, and we examine how trust services can boost digital business in the future.

1. Enhanced digital identity solutions boost digital services

Under eIDAS, a key mandate requires member states to issue eID Wallets to all citizens and legal entities while recognizing the equivalent from other states. This paves the way for EU citizens to authenticate themselves online for various digital services, spanning both the private sector and public administrative services.

The new regulation introduces over 50 implementing acts, stipulating detailed technical and operational standards to ensure a high level of interoperability and to facilitate a unified online identification ecosystem.

The upcoming European eID Wallet is poised to offer an easy-to-use and secure method for identification. This innovation enhances financial services, insurance, and e-commerce industries by providing secure authentication with less friction than traditional methods, like video identification. The quick and user-friendly wallet identification process is expected to increase conversion rates by removing barriers at critical points where potential customers traditionally drop off.

Additionally, the expanded ID ecosystem will allow state and non-state entities to issue various digital credentials, such as driving licenses, university degrees, and other certifications, that can be securely stored in the wallet along with basic personal information. In the future, universities, language schools, or private educational institutions can issue so-called attributes attested by trust services. As a qualified trust services provider, Swisscom Trust Services will support you in the attestation process in the future.

eIDAS also defines new trust services like special certificates ("QWAC") for website authentication to show in the browser that you are entering, e.g., an official website of an authority or organization, and e-archiving, which guarantees that the digital lifetime of a (signed) document will be officially secured.

 

2. Cross-border recognition is a driver for international business

Distinct from other eID methods, the EU Wallet is a universally applicable solution, not tied to the citizenship of any particular member state. Many identification services are linked to national identity cards, effectively barring EU citizens from other member states from accessing certain online services. The new infrastructure aims to eliminate this barrier, streamlining the process for businesses to extend their digital offerings across various European countries – even within strictly regulated sectors like finance. Swiss legislators are also looking to integrate aspects of the eIDAS regulations into local law. As the leading pan-European trust service provider certified under eIDAS and Swiss legislation, Swisscom Trust Services is the optimal ally for companies aiming to venture into the international market within highly regulated industries.

3. Innovative identification methods are easy to use for customers but complex for businesses

The new EU ID Wallet represents a significant leap forward in simplifying online identification. Users are relieved of the need to undergo complex video identification processes repeatedly. Currently, people must identify themselves anew with each service they access. With the EU ID Wallet, an array of certifications is integrated, transforming it into a comprehensive hub for all identity-related credentials – from driving licenses to academic degrees or vaccination records. Nevertheless, current methods like auto-identification and video-identification will also profit from the regulation and unique implementing acts since they will harmonize how people could register for electronic signature more than with eIDAS v1, giving national authorities more freedom to determine the condition.

While this streamlines the user experience, it introduces complexity for the issuing institutions and companies. They must ensure their digital certificates are legally sound, highly secure, and tamper-proof. This security is achieved through the issuance of qualified digital certificates by qualified trust service providers, employing asymmetric cryptography to create verifiable and trustworthy digital documents.

 

 

4. While the aim is to strengthen legal certainty, eIDAS 2.0 may create new uncertainties

One of eIDAS's esteemed objectives is to bolster legal certainty across the European Union. However, certain aspects of the new regulation may introduce more significant uncertainty and complexity for businesses, particularly in e-signatures. The revised eIDAS now encompasses advanced electronic signatures (AES), which non-qualified trust service providers and, of course, qualified trust service providers can offer. Consequently, customers face the challenge of distinguishing between simple electronic signatures (SES) and AES from non-qualified providers versus those from qualified trust service providers, along with qualified electronic signatures (QES). Navigating the appropriate solution for each application within this new framework may prove challenging. In most scenarios, it's crucial to recognize that only QES hold the highest legal standing, equivalent to handwritten signatures. In contrast, SES or AES may require verification in court if their validity is challenged. Therefore, businesses are advised to collaborate with a qualified trust service provider capable of delivering all types of electronic signatures, enabling them to choose the appropriate level of assurance for each specific case.

Discover how the QES can support client interaction in private banking.

5. Strong data protection is critical for consumer trust

eIDAS 2.0 establishes consumer trust in digital services by promoting secure and dependable electronic identification and transaction processes. Enhanced data protection provisions embedded within the regulation will safeguard personal information, strengthening consumer confidence in online interactions. eIDAS 2.0 introduces mechanisms for data sharing and discretionary disclosure. Leveraging the European Digital Identity Wallet, individuals will have the autonomy to manage the extent of data they share with service providers while also being informed of the specific attributes required to access specific services. Digital identity frameworks are required to be fully compliant with the EU General Data Protection Regulation( GDPR). The trust services are now declared critical infrastructures subject to the NIS2 directive for critical infrastructures, which must be transposed into national law by September 2024.

Customers of Swisscom Trust Services can rely on the highest standard of data protection and strict adherence to EU legislation with its Austrian service by Swisscom IT Services Finance S.E. in Vienna, and its Swiss Service of Swisscom (Switzerland) Ltd. Recognized as a secure third country under Art. 45 of the GDPR, Switzerland is treated the same way as any EU country, providing an 'adequate level of protection for transferring personal data'. Swisscom IT Services Finance S.E. is now facing the upcoming Austrian NIS2 law for becoming an accredited critical infrastructure.

For further information, please visit our help center.

Secure yet easy-to-use eID Solutions boost digital service businesses, removing friction and increasing conversion. As a pioneer in pan-European digital trust, Swisscom Trust Services can support you with integrating various identification methods, including the upcoming EU wallets. Provide your existing and potential customers with a best-in-class integrated eID solution and boost your conversion!